Patch: Fraudulent digital certificates issued by DigiNotar could allow spoofing

A fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

Microsoft is aware and investigating issues of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store.

Microsoft has released a security advisory about this issue for IT professionals and also provided an update for all supported releases of Microsoft Windows that revokes the trust of the following DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store:

– DigiNotar Root CA
– DigiNotar Root CA G2
– DigiNotar PKIoverheid CA Overheid
– DigiNotar PKIoverheid CA Organisatie – G2
– DigiNotar PKIoverheid CA Overheid en Bedrijven

Microsoft has also confirmed that this is not a vulnerability in a Microsoft product but this issue affects all supported releases of Microsoft Windows.

The patches are available for download below:
Download the Update for Windows 7 (KB2607712) package now.

Download the Update for Windows 7 for x64-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 R2 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 R2 x64 Edition (KB2607712) package now.

Download the Update for Windows Vista (KB2607712) package now.

Download the Update for Windows Vista for x64-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 (KB2607712) package now.

Download the Update for Windows Server 2008 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 x64 Edition (KB2607712) package now.

Download the Update for Windows XP (KB2607712) package now.

Download the Update for Windows XP x64 Edition (KB2607712) package now.

Download the Update for Windows Server 2003 (KB2607712) package now.

Download the Update for Windows Server 2003 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2003 x64 Edition (KB2607712) package now.

The security advisory contains additional security-related information. Click here to view the security advisory.

Advertisements

2 responses to this post.

  1. […] #split {}#single {}#splitalign {margin-left: auto; margin-right: auto;}#singlealign {margin-left: auto; margin-right: auto;}.linkboxtext {line-height: 1.4em;}.linkboxcontainer {padding: 7px 7px 7px 7px;background-color:#eeeeee;border-color:#000000;border-width:0px; border-style:solid;}.linkboxdisplay {padding: 7px 7px 7px 7px;}.linkboxdisplay td {text-align: center;}.linkboxdisplay a:link {text-decoration: none;}.linkboxdisplay a:hover {text-decoration: underline;} function opensingledropdown() { document.getElementById('singletablelinks').style.display = ''; document.getElementById('singlemouse').style.display = 'none'; } function closesingledropdown() { document.getElementById('singletablelinks').style.display = 'none'; document.getElementById('singlemouse').style.display = ''; } Whats Difference between Windows 8 and Windows 7 ?Resolve: Office 2010 Suite Installation fails on selected Windows Operating System (OS)Display the Time for Two Zones at Once in Windows 7 and VistaHas Windows Vista gotten faster?Royal Pingdom: How Microsoft is handicapping its own web browserPatch: Fraudulent digital certificates issued by DigiNotar could allow spoofing […]

    Reply

  2. […] Users who have enabled automatic updates are already protected and no further action is required, and others are recommended to download the cumulative version of the KB2616676 to protect themselves from the fraudulent certificates listed in Security Advisory 2607712. […]

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: